Partner with ORPs, IT Security, Entity-level TICR teams and external organizations in monitoring newsworthy cyber threats and incidents, assess if threats are relevant to the Group, whether existing controls are adequate, and report to relevant Risk Management Committees.

Establish and conduct a Working Group focusing on discussions of cyber risk and resilience incident reviews, proposals to embark on new initiatives, and progress and outcome reporting of cyber risk mitigation initiatives.

Develop & execute initiatives arising from discussions at the relevant Risk Management Committees and Working Groups, or from the manager.Develop & execute annual program of social engineering testing program, and advise Entity-level TICR teams on their respective testing programs.

Preparation of regular and as-needed cyber risk and resilience reports to present cyber risk profiles. This include consolidation of submission of Entity-level TICR reports, and reports from 1 st Line-of-Defense teams.

Participate in industry working groups and contribute to overall improvement of the cyber risk & resilience posture of the industry.

More than 10 years of relevant IT experience, of which more than 7 years are in technology risk & information security, or IT audit. Relevant IT experience include managing large-scale IT projects, application development & maintenance, production support, and/or infrastructure management